Security flaw found in Windows XP

Researcher warns attackers could exploit the vulnerability to take over users' machines
Author:
Publish date:
7_windowsxp_sml.jpg

A security flaw has been discovered in Windows XP which could allow cyber criminals to take control of users’ PCs.

According to Thinq.co.uk, the vulnerability was discovered by researcher Tavis Ormandy, an affects the Help and Support Center for Windows XP and Server 2003.

Ormandy wrote on a website yesterday that attackers could use the remote assistance tool to execute tasks on their victims’ computers.

"Upon successful exploitation, a remote attacker is able to execute arbitrary commands with the privileges of the current user," Ormandy wrote.

"I've concluded that there's a significant possibility that attackers have studied this component, and releasing this information rapidly is in the best interest of security."

Ormandy has reported the security flaw to Microsoft, which has said it is investigating.

Earlier this year, Microsoft fixed a 17-year-old vulnerability in Windows which had appeared in almost every version of Windows since NT 3.1.

Related